We'rve been using Forefront TMG for a few months in single NIC configuration. for most websites, we deny download of certain types of content. But we would like to allow everything for a limited numbers of website, like Intranet websites. No restriction is applied except for the destination.. It's open to all users, all content types, all protocolsThis rules is called:
So we created a rule allowing everything for those Domain and URLs sets for which we want to allow users to download. the rules comes is at the top of the "Web Access policy Group" list.
And down the list you can find the rule that denies download for every other websites except the Domain and URLs sets for which we allow downloads specified "Anonymous Access" rule above. This denying rules is called
HTTP Downloads Forbidden
Users: Domain Users.Exceptions: Admins and Helpdesk
From: Internal and local host
To:Internal and local host: Exceptions: Domain, Network and URLs sets specified in the "Anonymous Access rule"
Administrators and Helpdesk have no problem. But domain users when trying to download from URL's contained in the "Anonymous access" rule, they still get blocked by the "HTTP Downloads Forbidden" rule.